Coinmama is an online broker dealing with the exchange of Bitcoins and Etherium. It allows customers to buy e-currency easily with the option to purchase with a credit card. With over 1,250,000 customers since 2013, it boasts a large database and a great platform to steal masses of data from.

Similarly, the latest bundle offered by the hacker, Gnosticplayers, include Coinmama’s 450,000 records. This will be the third round of mass data dumps. It is on offer for 0.351 Bitcoin (£1051), with 70,000 cracked passwords.

What do we know about Gnosticplayers

Hacker, Gnosticplayers is suspected of being behind mass data breaches happening across large company websites. Targeting such companies allowed the actor to get their hands on data in large amounts because of the companies’ large clientele.

Details on how the actor is stealing the data remain unclear. Researchers have noticed that one common trend with the attacks is the exploitation of the software PostgreSQL. There are suggestions that there are vulnerabilities in this open source software that the hacker was able to take advantage of. However, Postgre SQL developers disputed this fact stating that they are not aware of any vulnerabilities. The last known vulnerability was late last year. CVE-2018-16850 allowed an attacker to cause arbituary SQL statements to run with superuser privileges. PostgreSQL consequently released updates for all versions of the software. Alternatively, its surrounding applications have flaws that accessed PostgreSQL. Another tactic of Gnosticplayers is to target email addresses, username, passwords, phone numbers and IP addresses.

In a recent Interview with ZDNET, the alleged hacker claimed that he is directly behind the attacks and does not only act as a mediator. He also mentioned his intention is to sell over 1 billion stolen records and disappear shortly after. He is not far from his target as the total figure to date is just over 830 million.

Recommended steps Coinmama customers should take

It is recommended customers take this opportunity to change their passwords. These changes include their Coinmama account, their connected email account and to other accounts, they have with the same or similar passwords.

Additionally, users should take this opportunity to add multi-factor authentication to any of their user accounts that provide this for extra security.

Coinmama issued a statement via a blog updating its customers before the weekend about the breach that took place and its swift actions to remediate the breach. Despite this, the data resurfaced on the dark web for sale during the weekend.